Array Index Vulnerability in Linux Kernel Networking Component
CVE-2024-57996

5.5 MEDIUM

Key Information:

Vendor

Linux

Status
Vendor
CVE Published: 27 February 2025

What is CVE-2024-57996?

A vulnerability in the Linux kernel's packet scheduling implementation can lead to an array index out-of-bounds condition. With a limit of one packet, the scheduler may incorrectly manage queued packets, resulting in potential system crashes. This issue arises when the token bucket filter (TBF) and stochastic fair queueing (SFQ) interact under specific conditions, leading to packet drops and eventual underflow errors within the scheduling queue. This bug exemplifies the critical importance of rigorous boundary checks in network components to enhance system stability and security.

Affected Version(s)

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1e6d9d87626cf89eeffb4d943db12cb5b10bf961

Linux 1da177e4c3f41524e886b7f1b8a0c1fc7321cac2 < 1b562b7f9231432da40d12e19786c1bd7df653a7

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
